Posted by riccardo krauter on Mar 19

1) Summary

Affected software: CMS Made Simple-2.2.15
Vendor URL: http://www.cmsmadesimple.org/
Vulnerability: File upload bypass with .phar extension leads to RCE

2) Vulnerability Description

The vulnerability affects the `FilePicker` module:
it is possible to bypass the restriction and upload a malicious file with a `.phar` extension to gain Remote Code
Execution.
This vulnerability is remotely…
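
A defensive upload-name check for this class of bug, as an added example: it is not CMS Made Simple's code, and the FilePicker check itself is not shown in this excerpt. The allowlist contents and the function name `safe_upload_name` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical policy for a file picker; adjust to what the site must accept.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Returns a safe server-side file name for an upload, or null to reject it.
 * Allowlist logic: anything not explicitly permitted (.phar, .php, .phtml,
 * ...) is refused without having to be enumerated in a blocklist.
 */
function safe_upload_name(string $clientName): ?string
{
    // Reject control bytes (including NUL) before any path handling.
    if (preg_match('/[\x00-\x1f]/', $clientName)) {
        return null;
    }
    // Drop any directory component supplied by the client.
    $base = basename(str_replace('\\', '/', $clientName));
    // Some filesystems strip trailing dots/spaces ("x.phar." -> "x.phar").
    $base = rtrim($base, '. ');

    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as .htaccess
    }

    // Check every extension segment, not only the last, so "a.phar.jpg" is
    // refused too: some web server configurations map handlers on any
    // segment. (Strict by design: "my.photo.jpg" is also refused.)
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }

    // Store under a random name; keep only the validated final extension.
    return bin2hex(random_bytes(16)) . '.' . end($parts);
}

// Constructed sample inputs.
foreach (['photo.jpg', 'a.phar', 'a.PHAR', 'a.phar.jpg', 'a.phar.', '.htaccess'] as $name) {
    printf("%-12s => %s\n", $name, safe_upload_name($name) === null ? 'rejected' : 'accepted');
}
```

Only `photo.jpg` is accepted here. Serving the upload directory with script execution disabled is a separate control that this check does not replace.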


March 19th, 2021